Bagle Author Creates New Outbreak

02 Mar 04:19

A number of new variants of Email-Worm.Win32.Bagle have been detected today. They are variants of the same malware, differing only in how they are packed. What they all have in common is that they do not self-replicate. In other words, these are so-called intended variants, not fully functional versions. They have all been deliberately mass-mailed as spam.

The new Bagles were sent as attachments to infected emails with random or missing subjects and texts. The malware arrives as a Windows executable file. The name, form and size of the files are also random. It is thus difficult to identify the infected emails using formal attributes, and we advise all users to be especially cautious when opening email attachments.

The malware is launched when the user clicks on the attachment: Bagle copies itself into the Windows system folder and creates a registry key. Bagle then stops processes that protect the infected machines and local networks, leaving them open to further attack.

Kaspersky Lab virus analysts have detected 15 pieces of malware by the author of Bagle. They are closely related and differ mostly in the packing routines. Therefore, Kaspersky Lab is detecting them all as Email-Worm.Win32.Bagle.pac.

Related links:
www.kaspersky.com
www.viruslist.com
vil.nai.com/vil/content/v_129512.htm

Taken from Information Security Bulletin.